Issues with windows logon

Has anyone experienced trouble logging in to Windows using Duo MFA? Our setup has Azure AD synced, and we also followed the guide for Windows Logon, but we still encountered an issue logging in to Windows (the issue is that we still need to enroll to proceed, but the account is already enrolled). We also set the username normalization of the Microsoft RDP application to "None", but the issue still persists. But using a local account, it works. It's just an issue with AD.

3 Replies

DuoKristina
Cisco Employee

If you look at the %PROGRAMDATA%\Duo Security\duo.log output for the Duo for Windows Logon application, what username does it show it is sending to Duo's service, and is that username actually a username or username alias for a user that has a device capable of Duo Push, SMS, or phone call attached?

Duo, not DUO.

%PROGRAMDATA%\Duo Security\duo.log, is it in directory part?

That is the location of the Duo Authentication for Windows Logon application's log output on the Windows system where it is installed. %PROGRAMDATA% is usually set to C:\ProgramData.

Here's an example of what to look for in the log:

03/12/25 16:04:54 [6140](6952) [Info] PasswordCredential LogonUser username=kristina, domain=ACME
03/12/25 16:04:54 [6140](6952) [Info] Users specifiedUsernameOnly: "kristina" specifiedDomainnameOnly "ACME"
03/12/25 16:04:54 [6140](6952) [Info] Duo username format is NTLM
03/12/25 16:04:54 [6140](6952) [Info] Primary authentication succeeded {logon: RDP}.
03/12/25 16:04:54 [6140](6952) [Info] Primary authentication succeeded for user ACME\kristina
03/12/25 16:04:54 [6140](6952) [Info] Attempting secondary authentication for ACME\kristina

"Duo username format is NTLM" = The Duo client will send the username to Duo's Service as DOMAIN\samaccountname.

"Attempting secondary authentication for ACME\kristina" = the Duo client is going to send ACME\kristina because that's my username in NTLM format.

If my "Microsoft RDP" application has username normalization set to "None", I need a user with the username or username alias ACME\kristina to exist in Duo with an auth device other than platform/roaming authenticator.

If my "Microsoft RDP" application has username normalization set to "Simple" (the default for this type of application), then the username or username alias that must exist would be kristina.

So, see what your client is sending as the username to Duo in your log. Hope this helps!

Duo, not DUO.
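
The log check described in the reply above, as an added PowerShell example (not part of the thread and not Duo's own tooling). It pulls the username format and the username sent for secondary authentication out of duo.log and shows which username or alias must exist in Duo under "None" and "Simple" normalization. The function name Get-DuoSentUsername is hypothetical, the embedded sample lines are the ones quoted in the reply, and stripping an @domain suffix for "Simple" goes beyond the NTLM case shown in the thread.

```powershell
# Added example. Sample lines copied from the log excerpt quoted in the thread.
$sample = @'
03/12/25 16:04:54 [6140](6952) [Info] Duo username format is NTLM
03/12/25 16:04:54 [6140](6952) [Info] Primary authentication succeeded for user ACME\kristina
03/12/25 16:04:54 [6140](6952) [Info] Attempting secondary authentication for ACME\kristina
'@ -split '\r?\n'

function Get-DuoSentUsername {
    # Hypothetical helper: one object per secondary-authentication attempt.
    param([string[]]$Lines)

    $format = $null
    foreach ($line in $Lines) {
        if ($line -match 'Duo username format is (\S+)') {
            # Remember the most recently logged format (e.g. NTLM).
            $format = $Matches[1]
        }
        elseif ($line -match '^(\S+ \S+) .*Attempting secondary authentication for (.+?)\s*$') {
            $time = $Matches[1]
            $sent = $Matches[2]
            # "Simple" normalization: drop a DOMAIN\ prefix and an @domain suffix.
            $simple = $sent -replace '^[^\\]+\\', '' -replace '@.*$', ''
            [pscustomobject]@{
                Time           = $time
                Format         = $format
                NeededIfNone   = $sent     # exact username or alias required in Duo
                NeededIfSimple = $simple   # username or alias required in Duo
            }
        }
    }
}

# Use the real log when present, otherwise the sample lines above.
$log = Join-Path $env:ProgramData 'Duo Security\duo.log'
$lines = if (Test-Path $log) { Get-Content $log } else { $sample }

# Show the most recent attempts.
Get-DuoSentUsername -Lines $lines | Select-Object -Last 5 | Format-Table -AutoSize
```

Compare the NeededIfNone or NeededIfSimple value, whichever matches the application's normalization setting, with the usernames and aliases of the enrolled user in Duo.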